RE: IEWB Lab 18

From: De Witt, Duane (duane.dewitt@siemens.com)
Date: Fri Oct 21 2005 - 13:04:55 GMT-3

• Next message: Roberto Fernandez: "A general question"
• Previous message: The Great Ryan: ""switchport nonegotiate" & DTP traffic"
• Maybe in reply to: De Witt, Duane: "IEWB Lab 18"
• Next in thread: Brian McGahan: "RE: IEWB Lab 18"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good point, although I am yet to meet a Cisco sales person that doesn't
pitch their management systems :)

Would either way be counted as correct in the lab or do you feel that
one answer is more correct in this case?

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: 21 October 2005 04:25 PM
To: De Witt, Duane; kevin gannon
Cc: Bola Adegbonmire; Cisco certification
Subject: RE: IEWB Lab 18

What if the access point is just bridging and is not running IP at all?

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of De
> Witt, Duane
> Sent: Friday, October 21, 2005 8:13 AM
> To: kevin gannon
> Cc: Bola Adegbonmire; Cisco certification
> Subject: RE: IEWB Lab 18
>
> Yeah, agreed. Invariably CDP/STP/SNMP/WLSE traffic would cause the AP
to
> be the first MAC learned by the switch, so a static sticky or maximum
2
> addresses would be the best answer?
>
> Would the guys from IE care to comment?
>
> -----Original Message-----
> From: kgannon@gmail.com [mailto:kgannon@gmail.com] On Behalf Of kevin
> gannon
> Sent: 21 October 2005 12:58 PM
> To: De Witt, Duane
> Cc: Bola Adegbonmire; Cisco certification
> Subject: Re: IEWB Lab 18
>
> Dont have an AP to test but I would bet this is caused by
> CDP/STP traffic. Two would be a better option and hardcode
> a sticky for the AP.
>
> Regards
> Kevin
>
> On 10/21/05, De Witt, Duane <duane.dewitt@siemens.com> wrote:
> > Hi Bola
> >
> >
> >
> > Thanks for the response. Take a look below, I happen to have a
client
> > network that I can take info from:
> >
> >
> >
> > This is the show arp on the AP, it shows the MAC of the AP:
> >
> > Internet 172.16.254.131 - 000f.903e.3ae7 ARPA BVI1
> >
> >
> >
> > This is the show mac-address-table of the switch that the AP
connects
> > to:
> >
> > RCI-GND-SW-2#show mac-address-table interface fastEthernet 0/47
> >
> > Mac Address Table
> >
> > -------------------------------------------
> >
> >
> >
> > Vlan Mac Address Type Ports
> >
> > ---- ----------- -------- -----
> >
> > 1 000f.903e.3ae7 DYNAMIC Fa0/47
> >
> > Total Mac Addresses for this criterion: 1
> >
> >
> >
> > So, it shows that the MAC of the AP is learned by the switch and
would
> > count as a secure address. Not sure if this proves anything though.
> >
> >
> >
> > ________________________________
> >
> > From: Bola Adegbonmire [mailto:bolaccie@yahoo.com]
> > Sent: 21 October 2005 11:42 AM
> > To: De Witt, Duane; Cisco certification
> > Subject: Re: IEWB Lab 18
> >
> >
> >
> > Hi Duane,
> >
> >
> >
> > I believe the solution is right based on the following. The AP is a
> > swicth, except that it is a wireless swicth (in quote). As a result
it
> > does not forward its own mac-address when forwarding datagrams
through
> > it to the network. Only a router replaces the originating
mac-address
> > with its own when forwarding packets received on one interface out
> > another to the network.
> >
> >
> >
> > So IEWB solution is right.
> >
> >
> >
> > Or am I missing something group?
> >
> >
> >
> > Bola
> >
> > "De Witt, Duane" <duane.dewitt@siemens.com> wrote:
> >
> > Hi Group
> >
> >
> >
> > Lab 18 requires only one person to be able to use an AP by
> using
> > port-security. The recommended solution is 'violation
protect'
> > and
> > 'mac-address sticky'.
> >
> >
> >
> > If the default maximum mac-addresses is 1 then the only
> > mac-address that
> > will be allowed is the mac of the AP itself. Shouldn't the
> > maximum be
> > changed to 2 to allow the mac of the AP as well as the mac
of
> > the one
> > person?
> >
> >
> >
> > Regards
> >
> > Duane
> >
> >
> >
> > ____________________________________________
> > SIEMENS Siemens Business Services
> > Siemens Service Center
> >
> > 126 14th Road
> >
> > Erand Gardens
> >
> > Midrand
> >
> > South Africa
> >
> >
> >
> > * +27 11 5452555
> > * +27 83 4452768
> > * +27 11 5415219
> > * duane.dewitt@siemens.com
> >
> >
> >
>

• Next message: Roberto Fernandez: "A general question"
• Previous message: The Great Ryan: ""switchport nonegotiate" & DTP traffic"
• Maybe in reply to: De Witt, Duane: "IEWB Lab 18"
• Next in thread: Brian McGahan: "RE: IEWB Lab 18"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3